From: Muhammad Reza
To: Gilberto Villani Brito
Cc: "FreeBSD (PF)"
Date: Thu, 09 Nov 2006 01:25:56 +0700
Subject: Re: pf.conf + altq problem

Still does not work with the pass in rule.
Additional info, with this rule set:

altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
queue int_out bandwidth 3Mb
queue dflt_out bandwidth 16Kb cbq (default)
altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
queue int_in bandwidth 3Mb
queue dflt_in bandwidth 16Kb cbq (default)
pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)

If I enable altq on one interface only (xl1 or xl2), the traffic limitation that I want can be done.
Is there something that can be done with ALTQ and PF, or is my rule bad?
Please help me...

> Try these rules:
> pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
> pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_in)
>
> Gilberto
>
>
> 2006/11/6, Muhammad Reza:
> > Dear All.
> >
> > I start with the simple rule set in my pf bridge machine to limit
> > bandwidth 3Mbps from my server on lan to internet and from internet to
> > my server on lan.
> > This is my setup:
> >
> > Internet ---xl1 xl2---LAN
> >
> > and my pf.conf
> >
> > lan="172.16.0.0/24"
> > #ALTQ at outgoing interface to limit traffic 3 MBps from lan to internet
> > altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
> > queue int_out bandwidth 3Mb
> > queue dflt_out bandwidth 16Kb cbq (default)
> > #ALTQ at lan interface to limit traffic 3 MBps from internet to lan
> > altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
> > queue int_in bandwidth 3Mb cbq (default)
> > queue dflt_in bandwidth 16Kb
> >
> > block on xl1
> > pass in on xl1 from any to $lan
> > pass out on xl1 from $lan to any
> > pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
> >
> > block on xl2
> > pass in on xl2 from $lan to any keep state
> > pass out on xl2 from any to $lan keep state
> > #pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
> >
> > I have done some tests with iperf with no luck.
> > Is there something wrong with this rule set to accomplish my need?
> > Please help
> >
> > Regards
> > Reza